Security Expertise

Cryptographic Engineering, Built at Horizon Dynamics

Hybrid post-quantum protocols with ML-KEM-768 + Ristretto255, formally verified by Tamarin and ProVerif. Resistant to Harvest Now, Decrypt Later quantum attacks.

Authentication Protocol

OPAQUE

Hybrid 4DH Ristretto255 + ML-KEM-768 asymmetric PAKE. Server never receives or stores the password. Argon2id 256 MiB memory-hard stretching. Formally verified: Tamarin 8/8 lemmas, ProVerif 8/8 queries.

4DH key exchange with UKS resistance
Offline dictionary attack resistance (Argon2id)
Mutual authentication via HMAC-SHA-512
ML-KEM-768 post-quantum hybrid (NIST FIPS 203)

Messaging Protocol

Ecliptix Protection

Hybrid post-quantum Double Ratchet with X3DH key agreement and ML-KEM-768 encapsulation. AES-256-GCM-SIV nonce-misuse resistant AEAD. Formally verified: Tamarin 10/10 lemmas, 6 game-based security theorems.

Double Ratchet: unique key per message
X3DH + ML-KEM-768 hybrid key agreement
Forward secrecy + post-compromise security
Per-direction hybrid ratchet (DH + Kyber-768)

Full Security Stack

From authentication to delivery — end-to-end protection

User

Password never leaves the client device

OPAQUE Auth

4DH + ML-KEM-768 mutual authentication in 481 ms

Protection

Double Ratchet: fresh key per message

Quantum-Safe

HNDL-resistant hybrid encryption on every layer

Business Value of Security

Cryptography impact on business metrics

Properties Verified

OPAQUE: Tamarin 8/8 + ProVerif 8/8. Ecliptix: Tamarin 10/10 + ProVerif 4/6 + 6 game-based theorems. Dolev-Yao adversary with quantum oracle.

Handshake Latency

Full Ecliptix handshake (keygen + X3DH + Kyber + confirm). OPAQUE auth 481 ms including Argon2id 256 MiB. Hybrid ratchet step ~259 us.

Tests, 0 Failures

OPAQUE: 126 tests. Ecliptix: 159 tests including proptest, stress tests, and adversarial inputs. Zero clippy warnings across both codebases.

Standards Compliance

Cryptographic protocols meeting the highest security requirements

SOC 2Type II

Continuous security oversight, access control and data protection, verified by independent audit

GDPRCompliant

Full compliance with EU personal data protection requirements, including the right to erasure

HIPAAReady

Architecture meets requirements for the protection of medical information and patient data

ISO 27001Aligned

Information security management system aligned with the international standard

NISTSP 800-63

Digital identity and authentication protocols meeting federal security standards

FIPS140-3

Cryptographic modules aligned with current U.S. government security requirements

Protocol Comparison

How our protocols differ from traditional methods

Feature

OPAQUE

Protection

Traditional

Zero-knowledge password

Offline attack resistance

Forward secrecy

Per-message key rotation

Post-quantum resilience (ML-KEM-768)

Post-compromise security (self-healing)

Mutual authentication

Formally verified (Tamarin + ProVerif)

Nonce-misuse resistant AEAD

Per-epoch metadata encryption

No password stored on server

Memory-hard key stretching (Argon2id)

Security Engineering

Security as foundation, not afterthought

From protocol design to infrastructure monitoring

Discuss Architecture

Security Expertise

Cryptographic Engineering, Built at Horizon Dynamics

Hybrid post-quantum protocols with ML-KEM-768 + Ristretto255, formally verified by Tamarin and ProVerif. Resistant to Harvest Now, Decrypt Later quantum attacks.

Authentication Protocol

OPAQUE

4DH key exchange with UKS resistance
Offline dictionary attack resistance (Argon2id)
Mutual authentication via HMAC-SHA-512
ML-KEM-768 post-quantum hybrid (NIST FIPS 203)

Messaging Protocol

Ecliptix Protection

Double Ratchet: unique key per message
X3DH + ML-KEM-768 hybrid key agreement
Forward secrecy + post-compromise security
Per-direction hybrid ratchet (DH + Kyber-768)

Full Security Stack

From authentication to delivery — end-to-end protection

User

Password never leaves the client device

OPAQUE Auth

4DH + ML-KEM-768 mutual authentication in 481 ms

Protection

Double Ratchet: fresh key per message

Quantum-Safe

HNDL-resistant hybrid encryption on every layer

Business Value of Security

Cryptography impact on business metrics

Properties Verified

OPAQUE: Tamarin 8/8 + ProVerif 8/8. Ecliptix: Tamarin 10/10 + ProVerif 4/6 + 6 game-based theorems. Dolev-Yao adversary with quantum oracle.

Handshake Latency

Full Ecliptix handshake (keygen + X3DH + Kyber + confirm). OPAQUE auth 481 ms including Argon2id 256 MiB. Hybrid ratchet step ~259 us.

Tests, 0 Failures

OPAQUE: 126 tests. Ecliptix: 159 tests including proptest, stress tests, and adversarial inputs. Zero clippy warnings across both codebases.

Standards Compliance

Cryptographic protocols meeting the highest security requirements

SOC 2Type II

Continuous security oversight, access control and data protection, verified by independent audit

GDPRCompliant

Full compliance with EU personal data protection requirements, including the right to erasure

HIPAAReady

Architecture meets requirements for the protection of medical information and patient data

ISO 27001Aligned

Information security management system aligned with the international standard

NISTSP 800-63

Digital identity and authentication protocols meeting federal security standards

FIPS140-3

Cryptographic modules aligned with current U.S. government security requirements

Protocol Comparison

How our protocols differ from traditional methods

Feature

OPAQUE

Protection

Traditional

Zero-knowledge password

Offline attack resistance

Forward secrecy

Per-message key rotation

Post-quantum resilience (ML-KEM-768)

Post-compromise security (self-healing)

Mutual authentication

Formally verified (Tamarin + ProVerif)

Nonce-misuse resistant AEAD

Per-epoch metadata encryption

No password stored on server

Memory-hard key stretching (Argon2id)

Security Engineering

Security as foundation, not afterthought

From protocol design to infrastructure monitoring

Discuss Architecture